Envisioning the Audit Committee of the Future

The uncertain and turbulent business and risk landscape will continue to put board—and audit committee—governance and oversight processes to the test. As part of the NACD Future of the American Board Initiative, KPMG joined NACD in convening the Future of the Audit Committee Working Group to consider the internal and external forces that are having the greatest impact on the audit committee’s responsibilities and workload. The group also worked to identify key areas of focus and emerging practices for audit committees to consider as they reassess the committee’s oversight processes and operations.

The insights and observations shared by the members of the working group formed the basis for the Audit Committee Blueprint, which spotlights 10 critical areas for audit committee focus going forward. While the scope of audit committee oversight responsibilities has increased significantly, the committee’s core oversight responsibilities—for financial reporting, related controls, disclosures, and oversight of auditors—have also become more complex and demanding. In addition, the audit committee’s composition continues to evolve.

As one member of the working group noted, “We’re probably past the days of audit committees being comprised only of former [chief financial officers] and those with financial backgrounds. You might still see that in the chair role, but for audit committees to oversee all the other issues on the committee’s plate, you need a different mix of skill sets.”

In addition, as the audit committee’s oversight responsibilities continue to expand and evolve, many audit committees have added or are adding members with experience in information technology, cybersecurity, climate, or other areas critical to the business. This has resulted, in some cases, in the committee relying on one or two members, such as the chair, as experts tasked with handling the “heavy lifting” in the oversight of financial reporting and controls. For example, one working group member shared, “On my audit committee, the chair is the only real financial expert. I don’t think that is unique. I’m not saying it’s a bad thing, but it’s an interesting evolution to be aware of.”

Other themes that emerged from the working group discussions included:

Expanding risk oversight responsibilities. The increasing complexity and unexpected interconnectedness of risks has put a premium on more holistic risk management and oversight. Many audit committees today are shouldering heavy risk agendas and oversight responsibilities beyond their core responsibilities—for cybersecurity, data privacy, supply chain, geopolitical, and regulatory compliance risks, as well as oversight responsibility for all or aspects of management’s enterprise risk management system and processes. 

Expanding responsibilities for ESG oversight. Demands from regulators, investors, employees, customers, and other stakeholders for action as well as increased disclosure and transparency—particularly around climate, cybersecurity, and environmental, social, and governance (ESG)—continue to intensify. Many audit committees are evaluating what their role should be vis-à-vis their companies’ corporate sustainability reports and other ESG disclosures, as well as the selection of disclosure frameworks (to the extent not mandated by law or regulation). The US Securities and Exchange Commission (SEC) has been aggressive in identifying deficiencies in disclosure controls and procedures and in calling out greenwashing.

Regulation of climate and other ESG disclosures by the SEC and foreign regulators. The SEC’s disclosure proposals, particularly its climate proposal, as well as recent foreign sustainability reporting requirements—such as the European Union’s Corporate Sustainability Reporting Directive, which has an extraterritorial reach that may touch many US multinationals—are likely a game changer for audit committees. They greatly expand the committee’s workload and oversight responsibilities (including overseeing the company’s compliance with differing global ESG reporting regimes, and the external auditor’s attestation of greenhouse gas emissions and other information required by global regulators) and require greater coordination with other standing committees than has historically occurred.

The blueprint’s 10 areas of focus—taken together with the other considerations and recommendations offered by the working group—can provide audit committees a framework for reassessing and fine-tuning their oversight practices, skill sets, and leadership. ■

KPMG is a NACD strategic content partner, providing directors with critical and timely information, and perspectives. KPMG is a financial supporter of the NACD.

This article is from the Directorship Special Issue 2024: The Future of the American Board.

Stephen T. Dabney is an audit partner at KPMG and leads the KPMG Audit Committee Institute.